
Re: Can't create a password successfully.



On 4/3/22 21:07, ghe2001 wrote:

On Sunday, April 3, 2022 7:37 PM, David Christensen <dpchrist@holgerdanske.com> wrote:


Mozart is famous enough that I expect transcripts of all of his works
exist.

Yes, but they don't know it's Mozart.  And he wrote lots of pieces with words.


Suppose the attacker prepares dictionaries using the "first characters" algorithm for passwords ranging in length from 1 to N characters (where N is the number of words in the work) for all known human works, and compiles those dictionaries into one huge dictionary. The number of 1-character English passwords would be the same as the number of uppercase and lowercase characters in the English language (e.g. 52). (Similarly so for all the other human languages.) The number of 2-character English passwords could be 52**2. But, as the password length increases, the number of dictionary entries will drop below 52**length. For very long passwords, say the entire King James Bible (788,280 words), there would be few such English entries in the dictionary. The huge dictionary might be petabytes, exabytes, zettabytes, etc., but that is tiny compared to 52**788,280.


And, that algorithm is common.

I kinda thought it probably was.  It's pretty obvious.  The idea is to generate a bunch of gibberish that could be easily remembered.


It's not gibberish; it has meaning. The meaning is what makes the password both memorable and weak.


I expect that serious crackers already have such.

I don't think so.  It's not a word, so how could it be in a dictionary?  And a dictionary of the letters of all the things it might have come from would be a pretty big task.


You are thinking of books. I am thinking of data structures/files generated via the "first characters" algorithm applied to published works.


Using a unique and unpublished phrase or sentence would preclude
creating a dictionary. But, is there such a thing as a "unique and
unpublished phrase or sentence" and how do you remember it forever?

Well, it wouldn't work if the line is unpublished -- like you say, it'd miss the 'remember it forever' part.  It needs to be something that's already remembered.  And there are so many places it could come from: Plato, the writings of the Buddha, 1950s rock, a couple lines of COBOL, one or another translation of something, etc.  Depends on the user's background.  It's something from the user's memory.

I think the password would, in effect, be random to anybody but the user.

But like I said -- I think...


A smart adversary will study his target.


David
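The dictionary argument in the message above, as an added example that is not part of the original thread: it builds "first characters" entries from consecutive words of a small constructed corpus, compares the entry count with the full 52**length space, and uses the same data as a password-policy check that rejects candidates derived this way. The corpus and all function names are assumptions made for illustration.

```python
import re

# Constructed sample corpus: three well-known lines standing in for
# "all known human works" in the message above.
CORPUS = [
    "To be, or not to be, that is the question",
    "It was the best of times, it was the worst of times",
    "In the beginning God created the heaven and the earth",
]

def first_chars(text):
    """First character of every word, case preserved, punctuation ignored."""
    return "".join(w[0] for w in re.findall(r"[A-Za-z][A-Za-z']*", text))

def window_dictionary(corpus, length):
    """Distinct first-character strings built from `length` consecutive words."""
    entries = set()
    for work in corpus:
        initials = first_chars(work)
        for i in range(len(initials) - length + 1):
            entries.add(initials[i:i + length])
    return entries

def coverage(corpus, length):
    """Return (dictionary entries, size of the full 52**length space)."""
    return len(window_dictionary(corpus, length)), 52 ** length

def derived_from_corpus(password, corpus):
    """Policy check: True if the candidate is a run of first characters
    taken from consecutive words of any work in the corpus."""
    if not password:
        return False
    return any(password in first_chars(work) for work in corpus)

if __name__ == "__main__":
    for n in (1, 2, 4, 8):
        have, space = coverage(CORPUS, n)
        print(f"length {n}: {have} dictionary entries vs {space} possible strings")
    for candidate in ("Tbontb", "xK7qPz"):
        verdict = "reject" if derived_from_corpus(candidate, CORPUS) else "not in corpus"
        print(candidate, "->", verdict)
```

A work of W words contributes at most W - length + 1 entries per length, so the dictionary grows linearly with the corpus while 52**length grows exponentially.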

